North Korea outage a case study in online uncertainties

Raphael Satter and Eileen Sullivan

North Korea's microscopic corner of the internet has had a rough couple of days, suffering seven outages in the last 48 hours, according to one web traffic monitor.

The mysterious problems have some talking of a retaliatory cyberattack by the United States, which holds Pyongyang responsible for last month's spectacular hack of Sony Pictures. American officials have fueled speculation with vague denials, but security experts say North Korea's internet infrastructure is so skeletal that even amateurs — or a simple glitch — could have brought it clattering down.

"A large city block in London or New York would have more IP (Internet Protocol) addresses than North Korea," said Ofer Gayer, a security researcher at Redwood Shores, California-based Incapsula. He said that if the network was targeted by a kind of distributed denial-of-service — or DDoS — attack, the list of suspects is endless.

"Any kid that knows how to run a small-sized DDoS amplification attack can do it from his home."

For many, the uncertainty over the outage — and lingering doubts over who hacked Sony — illustrates how little we can really know about attacks in the Information Age.

"This whole incident is a perfect illustration of how technology is equalising capability," Bruce Schneier, a respected security expert, said in a blog post. "In both the original attack against Sony, and this attack against North Korea, we can't tell the difference between a couple of hackers and a government."

Here's what is known:

For two days, North Korea struggled to stay online

After spending a significant chunk of Monday offline, North Korea's internet had two short outages on Tuesday morning, according to Jim Cowie, the chief scientist at Dyn Research, an internet performance company.

Cowie characterised the outages as a "return to instability", and said they were the same type of outages that caused the original disruption.

Hiccups continued until Wednesday. Internet monitor BGPmon says it has detected a total of seven interruptions, with the last hour-long outage reported between 6.30 and 7.45 GMT.

It doesn't take much to knock North Korea off the web

North Korea has a tiny online footprint, thousands of millions of times smaller than that of the United States or even archrival South Korea. Gayer, the Incapsula researcher, pegged the country's total bandwidth at 2.5 gigabits per second, a minuscule amount of traffic which could easily be overwhelmed by a denial-of-service attack. Only last week, a London teenager pleaded guilty to a cyber attack against an anti-spam group which clocked in at 300 gigabits per second.

Speculation is rampant

US officials have refused to be drawn over the online mischief, feeding speculation that American retribution may be to blame for North Korea's internet problems.

"Ask the North Koreans if their internet wasn't working," said US State Department representative Marie Harf in response to questions about the outages on Tuesday. "I would check with them."

The attack doesn't fit the pattern of an American cyber-strike, said Dan Holden of Arbor Networks, which works to block denial-of-service attacks. He said online activists may be to blame, and social media chatter provides some support for the claim.

One prominent account linked to Anonymous, the amorphous collective of self-appointed cyber-vigilantes, briefly claimed credit for knocking North Korea offline before it was itself yanked from the internet by Twitter. Rival claims — from obscure groups carrying names like "Lizard Squad" or "Gator League" — were even harder to assess.

This has happened before

North Korea's internet has gone dark before. In March 2013 the nation experienced connectivity problems for the better part of a day and a half.

The North Korean government blamed the United States for the problems, but their cause has never been publicly confirmed.